CVE-2023-7005
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sciener | TTLock App | 6.4.5 <= 6.4.5 | affected |
Weaknesses
- CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.